A message from CESER Director Puesh Kumar on Cybersecurity Awareness Month and Critical Infrastructure Security and Resilience Month.
Each year, in October and November, we mark Cybersecurity Awareness Month and Critical Infrastructure Security and Resilience Month, respectively. These two observances are perfectly aligned with CESER’s mission and so I am excited to share an important initiative we have underway.
For years, the concept of security by design has been a part of the conversation around cybersecurity for critical infrastructure. The Department of Energy is leading the charge to move from concept to action with Cyber-Informed Engineering, or CIE.
With CIE we have an opportunity to invest in our long-term cybersecurity, which is an investment in our future national and economic security.”
CIE is a methodology to integrate cybersecurity into the conception, design, development, and operation of any physical system that has digital connectivity, monitoring, or control. It is, essentially, an effort to integrate cybersecurity from the early design phases to the deployment phase of a project. This approach brings the expertise and the experience of the engineering community to bear on some of the most consequential cyber threats facing the U.S. energy sector.
Since our launch in June last year, CIE thought leaders in industry, government, and at the National Laboratories have been actively building awareness in the engineering, cybersecurity, education, and standards communities. In fact, earlier this year the President issued the National Cyber Strategy, which recognized the importance of leveraging CIE as we make new investments in the U.S. energy sector. We’re moving fast and aiming high.
In September, we released a CIE Implementation Guide and an open-source library of tools, case studies, and lessons to support it. This document is a game changer for the energy sector and the critical infrastructure community more broadly. It makes CIE actionable and provides numerous examples of how the principles of CIE can be applied by critical infrastructure owners and operators. These include asset owners, vendors, trade associations, academic institutions, researchers, engineering service providers, and standards bodies.
Southern Company, New York Power Authority, Dominion Energy, and the New York Independent System Operator all provided insight to the National Cyber-Informed Engineering strategy. Southern Company has also committed to implementing CIE in future projects.
Our Practitioner’s Workshop for Cyber-Informed Engineering attracted 220 participants looking to learn and share insights about the application of Cyber-Informed Engineering. These efforts have not gone unnoticed, seeing coverage in outlets like Forbes and the Harvard Business Review.
With CIE we have an opportunity to invest in our long-term cybersecurity, which is an investment in our future national and economic security. Over the next ten years, we expect to see trillions of dollars of public and private investment in the U.S. energy sector and CIE will be instrumental to ensuring that we’re designing those projects with cybersecurity in mind. This will revolutionize our approach to securing critical infrastructure and will ensure the reliable provision of electricity and fuel to American homes and businesses.
Today, I’d like to encourage the energy sector, and critical infrastructure community more broadly, to commit to applying CIE to one major infrastructure project over the next year. As we move into Critical Infrastructure Security and Resilience Month, I encourage you to learn more about CIE by reading and exploring our newly launched CIE homepage.
Director, Department of Energy Office of Cybersecurity, Energy Security, and Emergency Response (CESER)